Schlumberger Spouses Association

Path:

SSAfara.Net: SSAfara.Net: Support: Frequently asked questions

FAQ - Frequently asked questions

F.A.Q: Creating a Secure Password

1. What is considered a secure Schlumberger password?

2. How do I change my current email password?

3. Where can I find help in creating a secure password?

4. Is there a way to test the security level of my password?

5. What will be my password once the SSA Directory is moved?

6. Why was I warned about a password change?

7. Password expiration

8. Password status

9. Password locking

1. What is considered a secure Schlumberger password? - Top

The Schlumberger password security requirements are:

contains 7-14 characters (eight characters is optimal)

uses at least one upper case letter

uses at least one special character

uses at least one number

uses as many character types possible (upper and lower-case letters, numbers, symbols)

cannot be found in a dictionary. For example, D0gb0n# can be found in the dictionary as Dogbone (the letter o is keyed as zero, and the letter e is keyed as #)

Examples of passwords that meet Schlumberger security standards:

mVy6@oz?

aBc1@3aB

mE>8(ooW

l8r?g8r!

gRn8gs&H*(wK)

- Updated: February 11, 2008

2. How do I change my current email password? - Top

The next step to update my SSA email password using this new password. Click the link “Edit My Profile” (http://mail.ssafara.net:5002/cgi-bin/update-record.cgi) on the left side of SSAfara.net homepage.

The following “Choose a digital certificate” message may appear. Click the “OK” button to continue.

You will need to fill out the form below using your current password. Pick “Password” as the Update choice.

You will be taken to the following form:

Enter your new Schlumberger secure password and click the “Change Password” button. You will see the below image if your password was changed successfully.

If you the two passwords you type in do not match, you will receive the following error:

This means you need to try again.
- Updated: February 9, 2008

3. Where can I find help in creating a secure password? - Top

There are websites that will help you generate passwords that will pass Schlumberger’s password security test. Strong Password Generator website (http://www.mytsoftware.com/dailyproject/PassGen/PassGen.html) will generate secure passwords. Below is a picture of the form you will find on the page. You need to fill in the password length, number of passwords you want to create, and pick password format of base95. Then you click the “Generate” button.

Below image shows the Strong Password Generator after it has created passwords.

- Updated: February 9, 2008

4. Is there a way to test the security level of my password? - Top

You can test the password you use to use at SecurityStats.com website (http://www.securitystats.com/tools/password.php) to see how secure your chosen password is. This website contains many more password Do’s and Don’ts. This website will hide the characters you are entering so others around you will not see the password you are checking. The form will appear as pictured below once you have entered the password you are testing.

When you enter grape as a password to test you got the below results.

This means that grape does not pass the security test and it will not pass Schlumberger’s password security test either.

Next you entered gre3enegg5s as your password and receive the following results.

Again this password will not pass Schlumberger’s password security test.

You then entered mE8o44oW, one of the passwords from that was generated by the Strong Password Generator. Your results are shown below.

This means you now have a Schlumberger acceptable password.
- Updated: May 28, 2008

5. What will be my password once the SSA Directory is moved? - Top

Once the SSA Directory, Mail and website migration projects are completed, you will have only one password, which is managed by updating your SSA Directory record from the Schlumberger Secure Gateway. - Updated: May 28, 2008

6. Why was I warned about a password change? - Top

You may receive a system message similar to the following example:

Your LDAP record,
Distinguished name
cn=QUEEN NZINGHA 120541,ou=spouse,o=ssafara,c=AN
Common Name
QUEEN OF MATAMBA
has just had its password changed.
If you have not personally made this change (or requested the change), please report this incident to SSA Support.

Whenever a directory password is changed, the owner of the record is notified. If you changed your password or requested that the password be reset (for example, you forgot your password and were assisted by SSA Support or an SSA Directory Champion), then you can safely ignore the message. Otherwise, the message indicates that someone has been tampering with your account and can now potentially gain access to restricted (and personal) data. In the later case, report the incident to SSA Support.

Your SSA Directory password expires every six months, and users are reminded via email to change passwords. - Updated: June 6, 2008

7. Password expiration - Top

SSA Directory passwords expire every 180 days. This means that 180 days after the password is last changed, the password status is changed to "bad". Further, the pwStatus line in the securitystatus attribute will say "expired".

Users with expired passwords will be forced to reset their password before they can make any changes to their Directory record. An expired password will also cause problems accessing some corporate resources (e.g. dial in access)

See Changing Your Password for details on how to reset your password and so change your password status from "bad" to "good".

The owner of a Directory record is notified via email 30, 7 and 1 day(s) before the password is due to expire. The owner will receive notification emails for 15 days following password expiration.
- Updated: June 6, 2008

8. Password status - Top

Your directory record has a security status field that tracks several things:

completion of SSA IT Security Test

whether your record is tainted

whether your password is probably known to someone other than yourself

whether your password is the initial Directory password for a newly created record

whether it is expired or locked

Good vs. Bad Passwords
A "good" status means:

The password was last changed by you (not a Directory expert or proxy);

The selected password was strong (i.e. passed the SL IT password cracker).

A "bad" status could mean:

The password is too old;

The account has been locked;

The password may be known to more than one person (e.g. has been reset by someone);

If your record's security status indicates you have a bad password, you cannot modify your record until you log in and reset the password to one that is hard to crack. Refer to the Password FAQ for help creating a strong password.

Any password considered to be bad should also have a pwstatus line giving a reason.

- Updated: June 6, 2008

9. Password locking - Top

Passwords are locked on the sixteenth day after expiration at which point the expired password is changed to a random unknown value. The password status will be "bad" and the pwStatus line in the securitystatus attribute will say "locked".

Since the password is now an unknown value, users will be unable to login to any application using their LDAP password and will be unable to reset the password themselves.

Users can get their password reset by SSA Support. See Changing Your Password for details. Resetting the password will change the password status from "bad" to "good" and it will remove the pwStatus line from the securitystatus attribute.
- Updated: June 6, 2008

[e-Mail me the FAQs] - [Search our FAQs] - [Question Not Answered?]
: 1. What is considered a secure Schlumberger password?; 2. How do I change my current email password?; 3. Where can I find help in creating a secure password?; 4. Is there a way to test the security level of my password?; 5. What will be my password once the SSA Directory is moved?; 6. Why was I warned about a password change?; 7. Password expiration; 8. Password status; 9. Password locking

1. What is considered a secure Schlumberger password? - Top: The Schlumberger password security requirements are:

contains 7-14 characters (eight characters is optimal)

uses at least one upper case letter

uses at least one special character

uses at least one number

uses as many character types possible (upper and lower-case letters, numbers, symbols)

cannot be found in a dictionary. For example, D0gb0n# can be found in the dictionary as Dogbone (the letter o is keyed as zero, and the letter e is keyed as #)

Examples of passwords that meet Schlumberger security standards:

mVy6@oz?

aBc1@3aB

mE>8(ooW

l8r?g8r!

gRn8gs&H*(wK)

- Updated: February 11, 2008

2. How do I change my current email password? - Top: The next step to update my SSA email password using this new password. Click the link “Edit My Profile” (http://mail.ssafara.net:5002/cgi-bin/update-record.cgi) on the left side of SSAfara.net homepage.

The following “Choose a digital certificate” message may appear. Click the “OK” button to continue.

You will need to fill out the form below using your current password. Pick “Password” as the Update choice.

You will be taken to the following form:

Enter your new Schlumberger secure password and click the “Change Password” button. You will see the below image if your password was changed successfully.

If you the two passwords you type in do not match, you will receive the following error:

This means you need to try again.
- Updated: February 9, 2008

3. Where can I find help in creating a secure password? - Top: There are websites that will help you generate passwords that will pass Schlumberger’s password security test. Strong Password Generator website (http://www.mytsoftware.com/dailyproject/PassGen/PassGen.html) will generate secure passwords. Below is a picture of the form you will find on the page. You need to fill in the password length, number of passwords you want to create, and pick password format of base95. Then you click the “Generate” button.

Below image shows the Strong Password Generator after it has created passwords.

- Updated: February 9, 2008

4. Is there a way to test the security level of my password? - Top: You can test the password you use to use at SecurityStats.com website (http://www.securitystats.com/tools/password.php) to see how secure your chosen password is. This website contains many more password Do’s and Don’ts. This website will hide the characters you are entering so others around you will not see the password you are checking. The form will appear as pictured below once you have entered the password you are testing.

When you enter grape as a password to test you got the below results.

This means that grape does not pass the security test and it will not pass Schlumberger’s password security test either.

Next you entered gre3enegg5s as your password and receive the following results.

Again this password will not pass Schlumberger’s password security test.

You then entered mE8o44oW, one of the passwords from that was generated by the Strong Password Generator. Your results are shown below.

This means you now have a Schlumberger acceptable password.
- Updated: May 28, 2008

5. What will be my password once the SSA Directory is moved? - Top: Once the SSA Directory, Mail and website migration projects are completed, you will have only one password, which is managed by updating your SSA Directory record from the Schlumberger Secure Gateway. - Updated: May 28, 2008

6. Why was I warned about a password change? - Top: You may receive a system message similar to the following example:

Your LDAP record,
Distinguished name
cn=QUEEN NZINGHA 120541,ou=spouse,o=ssafara,c=AN
Common Name
QUEEN OF MATAMBA
has just had its password changed.
If you have not personally made this change (or requested the change), please report this incident to SSA Support.

Whenever a directory password is changed, the owner of the record is notified. If you changed your password or requested that the password be reset (for example, you forgot your password and were assisted by SSA Support or an SSA Directory Champion), then you can safely ignore the message. Otherwise, the message indicates that someone has been tampering with your account and can now potentially gain access to restricted (and personal) data. In the later case, report the incident to SSA Support.

Your SSA Directory password expires every six months, and users are reminded via email to change passwords. - Updated: June 6, 2008

7. Password expiration - Top: SSA Directory passwords expire every 180 days. This means that 180 days after the password is last changed, the password status is changed to "bad". Further, the pwStatus line in the securitystatus attribute will say "expired".

Users with expired passwords will be forced to reset their password before they can make any changes to their Directory record. An expired password will also cause problems accessing some corporate resources (e.g. dial in access)

See Changing Your Password for details on how to reset your password and so change your password status from "bad" to "good".

The owner of a Directory record is notified via email 30, 7 and 1 day(s) before the password is due to expire. The owner will receive notification emails for 15 days following password expiration.
- Updated: June 6, 2008

8. Password status - Top: Your directory record has a security status field that tracks several things:

completion of SSA IT Security Test

whether your record is tainted

whether your password is probably known to someone other than yourself

whether your password is the initial Directory password for a newly created record

whether it is expired or locked

Good vs. Bad Passwords
A "good" status means:

The password was last changed by you (not a Directory expert or proxy);

The selected password was strong (i.e. passed the SL IT password cracker).

A "bad" status could mean:

The password is too old;

The account has been locked;

The password may be known to more than one person (e.g. has been reset by someone);

If your record's security status indicates you have a bad password, you cannot modify your record until you log in and reset the password to one that is hard to crack. Refer to the Password FAQ for help creating a strong password.

Any password considered to be bad should also have a pwstatus line giving a reason.

- Updated: June 6, 2008

9. Password locking - Top: Passwords are locked on the sixteenth day after expiration at which point the expired password is changed to a random unknown value. The password status will be "bad" and the pwStatus line in the securitystatus attribute will say "locked".

Since the password is now an unknown value, users will be unable to login to any application using their LDAP password and will be unable to reset the password themselves.

Users can get their password reset by SSA Support. See Changing Your Password for details. Resetting the password will change the password status from "bad" to "good" and it will remove the pwStatus line from the securitystatus attribute.
- Updated: June 6, 2008

	Schlumberger Spouses Association - An informal organization...with an important role

SSA account holders are required to abide by the Schlumberger
Electronic Communications Policy and Internet Access Agreement for spouses
SSA Disclaimer - This disclaimer applies to all the information held on the SSA web site, and the associated SSA chapter sites and pages.